Analysis Overview
SHA256
9f627800d9a7b119e351ac85f2e88eb01762841319b2fc60d235cc8497662c6a
Threat Level: No (potentially) malicious behavior was detected
The file en was classified as: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-09 16:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-09 16:43
Reported
2024-06-09 17:54
Platform
android-x86-arm-20240603-en
Max time kernel
374s
Max time network
1828s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 172.217.169.74:443 | | tcp |
| GB | 172.217.169.74:443 | | tcp |
| GB | 142.250.187.227:80 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
| GB | 142.250.180.3:443 | | tcp |
| GB | 172.217.169.46:443 | | tcp |
| GB | 142.250.180.3:443 | | tcp |
| GB | 172.217.169.46:443 | | tcp |
| GB | 142.250.180.3:443 | | tcp |
| GB | 142.250.180.3:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.179.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| BE | 74.125.133.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.14:443 | | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-09 16:43
Reported
2024-06-09 17:23
Platform
debian9-armhf-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-09 16:43
Reported
2024-06-09 17:23
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-09 16:43
Reported
2024-06-09 17:53
Platform
macos-20240410-en
Max time kernel
1640s
Max time network
1643s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/en.html"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/en.html"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/en.html]
/bin/zsh
[/bin/zsh -c /Users/run/en.html]
/Users/run/en.html
[/Users/run/en.html]
/bin/sh
[sh /Users/run/en.html]
/bin/bash
[sh /Users/run/en.html]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.newsyslog]
/usr/sbin/newsyslog
[/usr/sbin/newsyslog]
Network
| Country | Destination | Domain | Proto |
| DE | 20.52.64.201:443 | | tcp |
| DE | 51.116.246.105:443 | | tcp |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| GB | 17.250.81.67:443 | | tcp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| BE | 104.68.86.71:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 2.21.189.171:443 | help.apple.com | tcp |
| GB | 2.21.189.171:443 | help.apple.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| IE | 17.57.146.88:5223 | | tcp |
| US | 8.8.8.8:53 | 40-courier.push.apple.com | udp |
| GB | 17.57.146.154:5223 | 40-courier.push.apple.com | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
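Everything in the Android (behavioral1) and macOS (behavioral2) network tables above is consistent with the guest images' own background traffic (Chrome update checks, GCM on 5228, mDNS, APNs on 5223, Apple services), but a reader has to establish that row by row. The following Python is an added example, not part of the sandbox report: it parses rows in the table layout used on this page, reuses a hostname seen for an IP on rows that list none, and sorts each connection into baseline noise or an unattributed bucket that still needs a look. The baseline suffix, port and resolver lists are assumptions about these two images; the 17.0.0.0/8 check relies on that block being Apple-assigned.

```python
import ipaddress

# Constructed input: rows copied from the Android (behavioral1) and macOS
# (behavioral2) network tables above. Some rows were flattened so the protocol
# sits in the Domain cell; parse_row() accepts both layouts.
SAMPLE_ROWS = """
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| GB | 142.250.200.46:443 | tcp | |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| BE | 74.125.133.188:5228 | tcp | |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| IE | 17.57.146.88:5223 | tcp | |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| DE | 20.52.64.201:443 | tcp | |
| GB | 142.250.200.14:443 | tcp |
""".strip().splitlines()

# Baseline rules (assumptions about what the guest images generate on their
# own: Chrome updater and GCM push on the Android image, APNs and Apple
# services on the macOS image). Tune per sandbox platform.
PLATFORM_SUFFIXES = (".googleapis.com", ".google.com", ".apple.com",
                     "apis.apple.map.fastly.net")
PLATFORM_PORTS = {5228: "google-gcm", 5223: "apple-apns"}
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")
RESOLVERS = {"1.1.1.1", "8.8.8.8"}   # the resolvers the two images used


def parse_row(line):
    """Return (country, ip, port, domain, proto), or None for header/blank lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or ":" not in cells[1]:
        return None
    ip, _, port = cells[1].rpartition(":")
    rest = [c for c in cells[2:] if c]
    if rest and rest[0].lower() in ("tcp", "udp"):   # flattened: no domain
        domain, proto = "", rest[0].lower()
    else:
        domain = rest[0] if rest else ""
        proto = rest[1].lower() if len(rest) > 1 else ""
    return cells[0], ip.strip("[]"), int(port), domain, proto


def classify(ip, port, domain):
    """Label one connection; 'unattributed' is the bucket worth a human look."""
    addr = ipaddress.ip_address(ip)
    if addr.is_multicast:
        return "local-discovery"            # mDNS from the guest itself
    if port == 53 and ip in RESOLVERS:
        if domain.endswith(".in-addr.arpa"):
            return "local-discovery"        # Bonjour lb._dns-sd lookup
        return "dns-lookup"                 # the name matters; the socket does not
    if port in PLATFORM_PORTS:
        return "platform-baseline"
    if domain.endswith(PLATFORM_SUFFIXES) or addr in APPLE_NET:
        return "platform-baseline"
    return "unattributed"                   # correlate with the Processes section


def triage(lines):
    """Group rows by label; reuse a name seen for an IP on rows that lack one."""
    rows = [r for r in (parse_row(l) for l in lines) if r]
    names = {ip: dom for _, ip, port, dom, _ in rows if dom and port != 53}
    buckets = {}
    for _, ip, port, dom, _ in rows:
        dom = dom or names.get(ip, "")
        buckets.setdefault(classify(ip, port, dom), []).append((ip, port, dom))
    return buckets


if __name__ == "__main__":
    for label, conns in triage(SAMPLE_ROWS).items():
        print(f"{label:18} {len(conns):2}  " + "; ".join(
            f"{ip}:{port}" + (f" ({dom})" if dom else "") for ip, port, dom in conns))
```

Run as-is it prints the buckets for the constructed rows. 20.52.64.201 and 142.250.200.14 stay unattributed because no row on the page names them; the right next step is to correlate them with the Processes section, not to guess an owner from the prefix.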
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-09 16:43
Reported
2024-06-09 17:23
Platform
debian12-armhf-20240221-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-09 16:43
Reported
2024-06-09 17:23
Platform
debian12-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-09 16:43
Reported
2024-06-09 17:23
Platform
debian9-mipsbe-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-09 16:43
Reported
2024-06-09 17:23
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/en.html
[/tmp/en.html]
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-09 16:43
Reported
2024-06-09 17:23
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
0s
Max time network
0s
Command Line
Signatures
Processes
/tmp/en.html
[/tmp/en.html]
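The Linux runs above executed /tmp/en.html directly and recorded 0s of kernel time with no signatures, the macOS run wrapped the same file in sh and sudo, and the Android run handed it to com.android.chrome. Which route makes sense depends on what the bytes are, which the report does not show. The following Python is an added example of mine, not the sandbox's own logic: it classifies a sample from its leading bytes rather than its name and maps the result onto the image families used in this report. The ELF, Mach-O and zip magic values and the ELF e_machine codes are standard; treating 32-bit ARM as the armhf images and the image recommendations themselves are assumptions, and the SAMPLES blobs are constructed headers, not real files.

```python
import struct

# Standard ELF e_machine values. The image-name mapping below is my assumption
# about which of this report's images (armhf, mipsel, mipsbe, amd64) fits.
ELF_MACHINES = {0x03: "i386", 0x3E: "amd64", 0x28: "arm", 0xB7: "arm64", 0x08: "mips"}
MACHO_MAGICS = (b"\xcf\xfa\xed\xfe", b"\xce\xfa\xed\xfe",   # 64/32-bit LE Mach-O
                b"\xca\xfe\xba\xbe")                         # fat binary


def sniff(data):
    """Return (kind, detail) from a sample's leading bytes, ignoring its name."""
    head = data[:4096]
    if head.startswith(b"\x7fELF"):
        if len(head) < 20:
            return "elf", "truncated"
        bits = {1: 32, 2: 64}.get(head[4])          # EI_CLASS
        endian = {1: "<", 2: ">"}.get(head[5])       # EI_DATA
        if bits is None or endian is None:
            return "elf", "malformed-ident"
        (machine,) = struct.unpack(endian + "H", head[18:20])   # e_machine
        arch = ELF_MACHINES.get(machine, f"unknown-0x{machine:x}")
        if arch == "mips":
            arch = "mipsbe" if endian == ">" else "mipsel"
        elif arch == "arm" and bits == 32:
            arch = "armhf"          # assumption: 32-bit ARM -> the armhf images
        return "elf", arch
    if head[:4] in MACHO_MAGICS:
        return "macho", "macos"
    if head.startswith(b"MZ"):
        return "pe", "windows"
    if head.startswith(b"PK\x03\x04"):
        return "zip", "apk" if b"AndroidManifest.xml" in data else "archive"
    if head.startswith(b"#!"):
        interp = head.split(b"\n", 1)[0][2:].strip().decode("ascii", "replace")
        return "script", interp
    lowered = head.lower()
    if b"<html" in lowered or b"<!doctype html" in lowered:
        return "html", "browser"
    try:
        head.decode("utf-8")
        return "text", "not-executable"
    except UnicodeDecodeError:
        return "unknown", "inspect"


def recommend(data):
    """Map the sniffed type onto the image families this report used (assumed)."""
    kind, detail = sniff(data)
    return {
        "elf": f"linux image, arch {detail}",
        "zip": "android image" if detail == "apk" else "unpack and sniff members",
        "macho": "macos image",
        "pe": "windows image",
        "script": f"linux or macos image via {detail}",
        "html": "open in a browser; do not execute",
    }.get(kind, "static inspection before any detonation")


# Constructed minimal inputs (bare headers, not real samples) for a quick run.
SAMPLES = {
    "arm32": b"\x7fELF\x01\x01\x01" + b"\x00" * 9 + b"\x02\x00\x28\x00",
    "mipsbe": b"\x7fELF\x01\x02\x01" + b"\x00" * 9 + b"\x00\x02\x00\x08",
    "amd64": b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"\x02\x00\x3e\x00",
    "page": b"<!DOCTYPE html><html><body>en</body></html>",
    "sh": b"#!/bin/sh\necho hello\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:7} {sniff(blob)}  ->  {recommend(blob)}")
```

Feed it the real file before submission and compare with the platforms the sandbox chose; a text or html verdict explains a 0s kernel-time run without any further detonation.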
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-09 16:43
Reported
2024-06-09 17:23
Platform
ubuntu2204-amd64-20240522.1-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-09 16:43
Reported
2024-06-09 17:23
Platform
ubuntu2404-amd64-20240523-en